2011
Integer overflow in ImageIO in Apple Mac OS X before 10.6.7 via a crafted XBM image (CVE-2011-0181) [Sample]
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.8 via a crafted embedded TrueType font (CVE-2011-0198) [Sample]
Off-by-one error in the CoreFoundation framework in Apple Mac OS X before 10.6.8 via a CFString object (CVE-2011-0201) [Sample]
Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 via a crafted JPEG2000 image (CVE-2011-0205) [Sample]
Heap memory corruption in VLC (VideoLAN) via crafted USF subtitles in an MKV file (CVE-2011-0522)
2013
Hackabi (Matriculation Examination Board hacking contest) submission (CVE-2013-1446)
2014
ASUS router drive-by code execution via XSS and authentication bypass (CVE-2014-1225 et al.) [PoC]
OS X Lock Screen Race Condition Security Vulnerability (CVE-2014-4438) [Video]
2015
QNAP QTS weak sessionid generation
2016
SilverCrest SWS-A1 Wi-Fi Power Socket multiple vulnerabilities [video]
Serious security threat in AfterPay bracelet payment
Inteno router CWMP Certificate Validation Vulnerability
POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321) [PoC]
Multiple Vulnerabilities (including RCE as root) in QNAP QTS 4.2.x [slides] [video]
2017
Multiple Vulnerabilities (including authenticated RCE as root) in Foscam cameras (CVE-2018-19063, CVE-2018-19064, CVE-2018-19065, CVE-2018-19066, CVE-2018-19067, CVE-2018-19068, CVE-2018-19070, CVE-2018-19071, CVE-2018-19072, CVE-2018-19073, CVE-2018-19074, CVE-2018-19075, CVE-2018-19076, CVE-2018-19077, CVE-2018-19078, CVE-2018-19079, CVE-2018-19080, CVE-2018-19081 and CVE-2018-19082) [advisory]
Local Privilege Escalation to root in aws-cfn-bootstrap (CVE-2017-9450)
2018
Intel(R) Active Management Technology MEBx Bypass [video]
GNU Wget Cookie Injection (CVE-2018-0494)
MagniComp SysInfo Information Exposure (CVE-2018-7268)
foilChat sign up email PIN confirmation bypass
libcurl SASL password overflow via integer overflow (CVE-2018-16839)
2019
2020
D-Link DGS-1250 header injection vulnerability
2021
NiceHash Miner Excavator API Cross-Site Request Forgery
Datto Remote Monitoring and Management Local Privilege Escalation
libcurl schannel cipher selection surprise (CVE-2021-22897)
libcurl TELNET stack contents disclosure (CVE-2021-22898)
libcurl TLS session caching disaster (CVE-2021-22901)
libcurl Wrong content via metalink not discarded (CVE-2021-22922)
libcurl Metalink download sends credentials (CVE-2021-22923)
libcurl Bad connection reuse due to flawed path name checks (CVE-2021-22924)
libcurl CURLOPT_SSLCERT mixup with Secure Transport (CVE-2021-22926)
2022
Microsoft Office 365 Message Encryption Insecure Mode of Operation
libcurl Credential leak on redirect (CVE-2022-27774)
libcurl Bad local IPv6 connection reuse (CVE-2022-27775)
libcurl Auth/cookie leak on redirect (CVE-2022-27776)
libcurl curl removes wrong file on error (CVE-2022-27778)
libcurl TLS and SSH connection too eager reuse (CVE-2022-27782)
libcurl Set-Cookie denial of service (CVE-2022-32205)
libcurl HTTP compression denial of service (CVE-2022-32206)
libcurl Unpreserved file permissions (CVE-2022-32207)
libcurl FTP-KRB bad message verification (CVE-2022-32208)
Apache Airflow Daemon Mode Insecure Umask Privilege Escalation (CVE-2022-38170)
2023
curl HSTS ignored on multiple requests (CVE-2023-23914)
curl HSTS amnesia with --parallel (CVE-2023-23915)
libcurl Telnet option IAC injection (CVE-2023-27533)
libcurl SFTP path ~ resolving discrepancy (CVE-2023-27534)
libcurl FTP too eager connection reuse (CVE-2023-27535)
libcurl GSS delegation too eager connection re-use (CVE-2023-27536)
libcurl SSH connection too eager reuse still (CVE-2023-27538)
libcurl siglongjmp race condition (CVE-2023-28320)
libcurl cookie mixed case PSL bypass (CVE-2023-46218)
2024
Ubiquiti UniFi Network Application command injection (CVE-2024-42025)
N-able Ecosystem Agent Improper Certificate Validation (CVE-2024-5445)